(54) Title: SECURE DATA COMMUNICATION SYSTEM
(57) Abstract 

A secure data communication system comprises a first computer (10, 16) adapted to transmit/receive information to/from a second
computer (12) via a first communication path (14). The first computer (10, 16) is also adapted to transmit/receive information to/from the second
computer (12) via a second communication path (20) distinct from the first communication path (14), and is adapted to split the
information into at least two different portions of partial information prior to transmitting the information to the second
computer, and to transmit the at least two different portions of partial information via the first and the second communication path. The second
computer (12) is adapted to receive the at least two different portions of partial information from the first computer via the first and the second
communication path, and to combine the at least two different portions of partial information to obtain the original information.
SECURE DATA COMMUNICATION SYSTEM

The present invention is related to a secure data
communication system. More specifically, the present
invention is related to a secure data communication system in
which an end user is capable of interchanging data with a
host computer.

Today, an increasing number of transactions are carried out
between end users (e.g. at home) and host computers (e.g. of
a bank). These transactions can include money orders occurring
when an end user does "electronic shopping" (e.g. home order
television) or the transmission of other sensitive data.

In current systems, protection schemes include the encryption
of the data by various algorithms (e.g. DES or RSA). However,
the transmission of information encrypted according to such
algorithms is not immune to wire tapping and subsequent
decryption. The likelihood of a successful decryption is
increased by the increased computational power of computer
workstations available today.

Hence, it is an object of the present invention to provide a
simple but secure data communication system which can be
implemented for a virtually unlimited number of end users who
want to communicate with a host computer.

To solve this problem, the present invention teaches a secure
data communication system comprising a first computer being
adapted to transmit/receive information to/from a second
computer via a first communication path, wherein the first
computer is adapted to transmit/receive information to/from a
second computer via a second communication path distinct from
the first communication path, the first computer is adapted
to split the information into at least two different portions
of partial information prior to transmitting the information
to the second computer, transmit the at least two different
portions of partial information via the first and the second
communication paths, respectively, the second computer being
adapted to receive at least two different portions of partial
information from the first computer via said first and said
second communication path, and combine the at least two
different portions of partial information to obtain the
original information.

This concept makes it very difficult, if not impossible, for
any intruder to obtain the complete information
sent/received. Since the splitting of the information into
various portions can be done in a manner unpredictable by an
intruder, he/she will not be able to obtain the complete
information by only tapping one of said communication paths.

Moreover, even if the intruder were able to tap both or all
of said communication paths, there still remains the
difficulty for him/her to (re)combine the obtained respective
portions of the information in a useful manner.

Preferably, the first and the second computer further 
comprise an information splitting/combination means to split 
information to be sent and/or to store received different 
portions of partial information and to combine said received 
and stored different portions of partial information to 
obtain the original information. 

This can either be implemented in the respective computers
themselves by software programs, or the first and the second
computer are connected to external hardware devices,
respectively, in which these functions are implemented (by a
suitably programmed computer).
The information splitting/combination means also includes a
determination means (preferably implemented by a software
program) to determine a splitting scheme according to which
the different portions of partial information from the first
computer are split and sent via said first and said second
communication path to said second computer.

This allows for a pseudo-random splitting of the transmission
of the different portions of partial information from the
first computer to the second computer (and vice versa) via
the two communication paths. This scheme makes it virtually
unpredictable for an intruder to obtain the complete
information in a legible manner.

To make it even more difficult, it is also possible to
additionally reverse or at least change the sequence of the
different portions of partial information in each of the two
communication paths.

The determination means is adapted to determine the order of 
splitting according to a predetermined scheme or a random 
scheme. A predetermined order scheme is easier to implement 
(on the transmitting side as well as on the receiving side) 
but also easier to be found out by an intruder. 

A random order scheme requires a more sophisticated mechanism 
or protocol to ascertain the correct concatenation of the 
different portions of partial information at the receiving 
side of the communication path. 

The invention also covers the concept of transceiving
information that is accompanied by a PIN (Personal
Identification Number) and/or a TAN (Transaction Number).
According to the invention, the PIN and/or the TAN as well as
the information itself can be split according to various
schemes. One example is to send any or all Arabic numerals
through one communication path, while the remaining
information is sent through the other communication path.
Preferably, in the case of the two communication paths having
different levels of security, the Arabic numerals would be
sent through the communication path having the higher security
level.

Another possibility is to change the communication path after 
each Arabic numeral character sent. Thus, especially the 
highly sensitive parts of the information are broken into 
entities which are meaningless (and hence worthless) to any 
intruder. 
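The splitting schemes described above (all Arabic numerals on the higher-security path, a path change after every numeral, and the pseudo-random choice made by the determination means), as an added worked example in Python. This is illustration written for this page, not code from the patent or from the applicant. The path names, the shared PRNG seed and the per-character position tag used by the receiver to restore the order are assumptions; the text leaves the concrete ordering protocol open.

```python
"""Splitting schemes for a two-path transfer (added illustration, not the
patent's own code).  Each character is tagged with its position so the
receiver can restore the order whatever scheme the sender chose; such a
tag is one way to realise the 'information tagging means' of the text."""
import random
from typing import Dict, List, Tuple

Portion = Tuple[int, str]           # (position tag, character)
Split = Dict[str, List[Portion]]    # path name -> portions carried on it

# Assumed path names: the cellular path is taken as the higher-security one.
SECURE_PATH = "mobile"
OTHER_PATH = "terrestrial"


def _empty() -> Split:
    return {SECURE_PATH: [], OTHER_PATH: []}


def split_digits_to_secure_path(message: str) -> Split:
    """Scheme 1: every Arabic numeral travels on the higher-security
    path, all remaining characters on the other path."""
    out = _empty()
    for pos, ch in enumerate(message):
        out[SECURE_PATH if ch.isdigit() else OTHER_PATH].append((pos, ch))
    return out


def split_alternate_per_digit(message: str) -> Split:
    """Scheme 2: change the path after each numeral sent.  Characters
    travel on the current path; each digit flips it, so a tap on one
    path never sees two consecutive digits of a PIN or TAN."""
    out = _empty()
    current = SECURE_PATH
    for pos, ch in enumerate(message):
        out[current].append((pos, ch))
        if ch.isdigit():
            current = OTHER_PATH if current == SECURE_PATH else SECURE_PATH
    return out


def split_seeded_random(message: str, seed: int) -> Split:
    """Scheme 3: pseudo-random path per character.  The seed is assumed
    to be shared by both ends out of band; an intruder without it cannot
    predict which path carries which character.  The position tags spare
    the receiver from re-deriving the sequence."""
    rng = random.Random(seed)
    out = _empty()
    for pos, ch in enumerate(message):
        out[SECURE_PATH if rng.getrandbits(1) else OTHER_PATH].append((pos, ch))
    return out


def combine(received: Split) -> str:
    """Receiver: merge the portions from both paths by position tag."""
    portions = sorted(p for path in received.values() for p in path)
    return "".join(ch for _, ch in portions)


def visible_on_path(split: Split, path: str) -> str:
    """The characters a tap on a single path observes, in transmission
    order.  The tags travel in clear here, which is why the text
    recommends encrypting them together with the portions."""
    return "".join(ch for _, ch in split[path])


if __name__ == "__main__":
    msg = "PIN 4711 TAN 123456"          # constructed sample transaction
    for name, s in (("digits to secure path", split_digits_to_secure_path(msg)),
                    ("alternate per digit", split_alternate_per_digit(msg)),
                    ("seeded random", split_seeded_random(msg, seed=2024))):
        assert combine(s) == msg
        print(f"{name:22s} mobile={visible_on_path(s, SECURE_PATH)!r} "
              f"terrestrial={visible_on_path(s, OTHER_PATH)!r}")
```

Running the block shows the trade-off the text describes: scheme 1 concentrates the whole PIN and TAN on the mobile path, scheme 2 leaves each path with only every other digit, and scheme 3 yields a distribution that changes with the seed while the receiver recombines all three the same way.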

In a preferred embodiment of the invention, the first 
communication path is provided in a terrestrial telephone 
system, and the second communication path is provided in a 
cellular mobile telephone system. Especially the usage of the
widely spread GSM(R), PCS, CDMA etc. systems with their
superior level of safety compared to land lines makes it
extremely difficult for an intruder to obtain the complete
information transceived (irrespective of whether or not the
information is transmitted in an encrypted format).

The present invention also encompasses that the first and/or 
said second computer further comprises an information 
encrypting/decrypting means in which said information is 
encrypted prior to being split into said at least two 
different portions of partial information or said information 
is encrypted after being split into said at least two 
different portions of partial information. Again, this can be
implemented either in the respective computers themselves by
software programs, or the first and the second computer are
connected to external hardware devices in which these
functions are implemented (by a suitably programmed computer).

Encrypting the data before the splitting can be advantageous
insofar as the computational power for the encryption
algorithm needs to be provided only once, while the
computational power to split (and subsequently transmit) the
information is relatively limited. It can, however, further
increase the security to split the information and to
independently encrypt the two parts of the information to be
transmitted.

In case the "natural" sequence of the parts of information is
changed for one or all of the communication paths, it is
preferred to provide an information tagging means in which
the at least two different portions of partial information
are provided with markings containing an indication regarding
the sequential order of the different portions of partial
information.

In a preferred embodiment of the invention, the first and the
second computer further comprise an information processing
means in which information received from a respective other
computer is only processed upon an authorization indication
generated by an authorization computer connected to the
information processing means.

Usually, this authorization computer is provided at the host
computer (i.e. the processing computer) of a bank or the
like. This processing computer of the bank will obtain the
authorization from the authorization computer which is not
accessible from outside. Since the processing computer of the
bank is only provided with parts of the information required
to carry out a certain transaction, while the authorization
computer is not accessible from outside but only accessible
from the processing computer, an intruder will not be able to
obtain the complete information.

The present invention is also related to a peripheral device
connectable to a computer, said peripheral device comprising:
a first input/output connector for transceiving information
to/from said computer from/to said peripheral device, a
second input/output connector for transceiving information
to/from said peripheral device from/to a first interface
connectable to a first communication path, a third
input/output connector for transceiving information to/from
said peripheral device from/to a second interface connectable
to a second communication path, and a controller for
controlling the transmission/reception of information to/from
said computer from/to said peripheral device, processing
said information and transceiving said information to/from
said peripheral device from/to said first and/or second
interface from/to said first and/or second communication
path. This device can be easily connected to a PC or an
intelligent telephone on the one side and to a terrestrial
telephone line and a mobile telephone (or a second
terrestrial telephone line) on the other side in order to set
up two communication paths to a host computer (of a bank etc.).
Alternatively, it is also possible to use two mobile
telephones to set up the two communication paths.

Further features, advantages, possible modifications and 
enhancements of the present invention are explained in more 
detail in connection with the description of a presently 
preferred embodiment as schematically shown in the drawings. 

Fig. 1 schematically shows a block diagram of the system 
according to the present invention. 

Fig. 2 schematically shows a block diagram of a peripheral 
device connectable to a computer to implement the present 
invention. 

Fig. 3 is a schematical flow chart for the program of the 
computer in the peripheral device according to Fig. 2.

Fig. 4 shows how information presented to the peripheral 
device according to Fig. 2 is transformed by this device. 
In Fig. 1, a secure data communication system is shown. This
system comprises a first computer 10 being adapted to
transmit/receive information to/from a second computer 12 via
a first communication path 14. This first computer can be
implemented by a PC (personal computer) having a central
processing unit including RAM, ROM, hard disk drive, serial
interface etc., a keyboard and a video screen. Alternatively,
this computer can also be implemented by an "intelligent"
telephone 16 having the standard functions of a telephone
plus the capability of entering and displaying one or more
lines of alphanumerical characters that are to be transceived
by the "intelligent" telephone.

One commercially available product fulfilling these criteria
is the telecommunications end-user device "MULTIKIT" marketed
by the applicant/assignee of the present invention. This
computer/telephone 10, 16 is connected to a peripheral device
22. The peripheral device 22 provides (via a modem or the
like) a connection to the first communication path 14. This
first communication path 14 is a terrestrial telephone
network.

Additionally, the first computer 10, 16 is adapted to
transmit/receive information to/from the second computer 12
via a second communication path 20 which is different from
the first communication path 14. To achieve this, the
peripheral device 22 is adapted to split the information
received from the first computer 10, 16 into two or more
different portions of partial information prior to
transmitting the information to the second computer 12. These
portions of partial information are transmitted separately
via the first and the second communication paths 14, 20.
Correspondingly, the second computer 12 is adapted to receive
these two different portions of partial information from the
first computer 10, 16 via the first and the second
communication paths 14, 20, and to combine the two different
portions of partial information to obtain the original
(complete) information for further processing.

More specifically, the first computer 10, 16 is connected to 
a serial interface 28 of the peripheral device 22 which also 
includes an information splitting/combination functionality 
to store the information for further processing, i.e. to 
split information to be sent into different portions of 
partial information and to combine received different 
portions of partial information to obtain the original 
information. 

To achieve this, the information splitting/combination device
22 comprises a microprocessor 30 (see Fig. 2), a RAM memory
32 connected thereto, two serial interfaces 34, 36 to provide
connections to the mobile telecommunications network 20 and
the terrestrial (fixed) network 14, respectively, and a
(Flash-)ROM memory 38 for a control software program.

The microprocessor 30 is also programmed to act as a
determination means for determining a splitting scheme
according to which the different portions of partial
information from the first computer 10, 16 are split and
sent via the first and second communication paths 14, 20 to
the second computer 12.

In the present embodiment, the entire information is split
into different portions of partial information by changing
the communication path through which the information is sent
after each second character.

More specifically, the split portions of information are
sent out in an alternating fashion through the two serial
interfaces 34, 36 to the mobile telephone 18 having a data
transmission/reception capability, and the terrestrial
telephone network 14, respectively. The portion of the
information sent out through the mobile telephone 18 is fed
into the mobile telephone network 20. From the mobile
telephone network 20, the portion of the information is sent
to a transceiving station 40 provided at the site of the
second computer 12. The information received from the mobile
network 20 is temporarily stored in an authorization server
44.

Parallel to the transmission of information through the
wireless (mobile) communications path 20, the peripheral
device 22 feeds the other portion of information into the
terrestrial telephone network 14. The terrestrial telephone
network 14 feeds the information into a transceiving station
42 also provided at the site of the second computer 12. The
information received by the transceiving station 42 is fed
into the second (main) computer 12. Once the second computer
12 receives information through the terrestrial network 14,
the corresponding (still missing) information received via
the mobile network 20 is obtained by the second computer 12
from the authorization server 44 in order to have the
authorization server 44 carry out the respective
transaction.

The second computer 12 (and/or the authorization server 44) 
are programmed to carry out the decryption and recombination 
required to reverse the transformation of the information 
carried out in the first computer/telephone 10/16 or the 
peripheral device 22. 

The microprocessor 30 in the peripheral device 22 is also
programmed to act as an information encrypting/decrypting
means in which the information is encrypted prior to being
split into the at least two different portions of partial
information.

Although the separation of the information into two different
channels already provides a significant enhancement over
current procedures, an intruder actually capable of tapping
both the terrestrial and the mobile telephone lines could
obtain the complete information. Also, an intruder capable of
monitoring only one of the two telephone lines (preferably
the terrestrial telephone line) could find out at least a
part of the sensitive information (e.g. the PIN of a user) by
monitoring and analyzing a sufficient number of information
transactions. Hence, an additional encryption is desirable.
To achieve this, the information can also be encrypted after
being split into the two different portions of partial
information.



Moreover, the microprocessor 30 is also programmed to act as
an information tagging means in which said at least two
different portions (AB, CD, EF, GH, IJ, KL) of partial
information are provided with markings (1, 2, 3, 4, 5, 6)
containing an indication regarding the sequential order of
the different portions of partial information. This
indication is also encrypted together with the information
portions in order to avoid an intruder being able to
immediately gather the order of the information transmitted
via one or both communication paths.
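The two placements of the cipher discussed above (encrypting once before the split, or encrypting each portion after the split) together with the encrypted order markings of the embodiment, as an added worked example in Python. This is illustration written for this page, not code from the patent or from the applicant. The stand-in cipher (an HMAC-SHA256 keystream in counter mode, chosen so the example runs with the standard library alone), the one-byte marking encoding and the separate key per path are assumptions; the text names DES and RSA, which would sit at the same two points.

```python
"""Encrypt-before-split versus split-then-encrypt (added illustration,
not the patent's own code).  The embodiment's scheme is used: the path
changes after every second byte, so portions AB, CD, EF, ... carry the
order markings 1, 2, 3, ... and alternate between the two paths."""
import hashlib
import hmac
import os
from typing import List, Tuple

Tagged = Tuple[int, bytes]          # (order marking, portion)
Paths = List[List[bytes]]           # [terrestrial blobs, mobile blobs]
NONCE_LEN = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in cipher: HMAC-SHA256 over nonce||counter used as a
    keystream (assumption; the DES/RSA of the text would take its place)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(NONCE_LEN)              # fresh nonce per encryption
    ks = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(a ^ b for a, b in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))


def split_tagged(data: bytes, size: int = 2) -> List[List[Tagged]]:
    """Cut into `size`-byte portions, mark them 1, 2, 3, ... and route
    odd markings to the first path, even markings to the second."""
    portions = [(i + 1, data[i * size:(i + 1) * size])
                for i in range((len(data) + size - 1) // size)]
    return [portions[0::2], portions[1::2]]


def combine_tagged(paths: List[List[Tagged]]) -> bytes:
    """Receiver: order by marking, regardless of arrival path or order."""
    return b"".join(p for _, p in sorted(t for path in paths for t in path))


# Variant A: encrypt once, then split the ciphertext.
def send_encrypt_then_split(key: bytes, message: bytes) -> Paths:
    """One cipher run and a cheap split.  The markings travel in clear,
    so a tap learns each portion's position although its content is hidden."""
    return [[tag.to_bytes(1, "big") + chunk for tag, chunk in path]
            for path in split_tagged(encrypt(key, message))]


def receive_combine_then_decrypt(key: bytes, paths: Paths) -> bytes:
    tagged = [[(blob[0], blob[1:]) for blob in path] for path in paths]
    return decrypt(key, combine_tagged(tagged))


# Variant B: split first, then encrypt each portion together with its
# marking under the key of the path it travels on.
def send_split_then_encrypt(path_keys: Tuple[bytes, bytes], message: bytes) -> Paths:
    """Nothing on either path reveals content or order.  One-byte
    markings limit a message to 255 portions (assumed encoding)."""
    return [[encrypt(key, tag.to_bytes(1, "big") + chunk) for tag, chunk in path]
            for key, path in zip(path_keys, split_tagged(message))]


def receive_decrypt_then_combine(path_keys: Tuple[bytes, bytes], paths: Paths) -> bytes:
    tagged = []
    for key, blobs in zip(path_keys, paths):
        plain = [decrypt(key, b) for b in blobs]
        tagged.append([(p[0], p[1:]) for p in plain])
    return combine_tagged(tagged)


def markings_in_clear(paths: Paths) -> List[int]:
    """First byte of every blob on the first path, as a tap would read
    it; these are the real markings only in variant A."""
    return [blob[0] for blob in paths[0]]


if __name__ == "__main__":
    key = os.urandom(32)
    path_keys = (os.urandom(32), os.urandom(32))
    msg = b"ABCDEFGHIJKL"      # the portions AB ... KL of the text, constructed
    a = send_encrypt_then_split(key, msg)
    b = send_split_then_encrypt(path_keys, msg)
    assert receive_combine_then_decrypt(key, a) == msg
    assert receive_decrypt_then_combine(path_keys, b) == msg
    print("variant A markings seen on the terrestrial tap:", markings_in_clear(a))
    print("variant B bytes seen on the terrestrial tap:", [x.hex() for x in b[0]])
```

Variant A is the cheaper arrangement of the text (the cipher runs once over the whole message), but the order markings it sends alongside the ciphertext are exactly what the embodiment wants hidden; variant B pays for one cipher run per portion and in return leaves a single-path tap with nothing but nonces and uniformly distributed bytes.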

The microprocessor 30 can carry out a program according to 
the flow chart of Fig. 3. The corresponding transformation of 
the data structure is shown in Fig. 4. 



It is understood that the flow of information from the second 
computer to the first can be carried out in a way 
corresponding to the procedure described above. 
Claims

1. A secure data communication system comprising 

- a first computer (10, 16) being adapted to transmit/receive 
information to/from a second computer (12) via a first 
communication path (14), characterized in that 

said first computer (10, 16) being adapted to 
transmit/receive information to/from a second computer (12) 
via a second communication path (20) distinct from said first 
communication path (14), 

- said first computer (10, 16) being adapted to 

split the information into at least two different 
portions of partial information prior to transmitting the 
information to the second computer, 

- transmit the at least two different portions of partial 
information via said first and said second communication 
path, 

- said second computer (12) being adapted to 

receive at least two different portions of partial 
information from the first computer via said first and said 
second communication path, and 

- combine said at least two different portions of partial 
information to obtain the original information. 

2. The secure data communication system of claim 1, wherein 
said first and/or said second computer further comprises 

an information splitting/combination means to split 
information to be sent and/or to store received different 
portions of partial information and to combine said received 
and stored different portions of partial information to 
obtain the original information. 

3. The secure data communication system of claim 1 or 2,
wherein each information splitting/combination means 
comprises 

- a determination means to determine a splitting scheme
according to which the different portions of partial
information from the first computer are split and sent via
said first and said second communication path to said second
computer.

4. The secure data communication system of claim 3, wherein 

- the determination means is adapted to determine the order 
of splitting according to a predetermined scheme or a random 
scheme.

5. The secure data communication system of claim 1, 2 or
3, wherein

- the first communication path is provided in a terrestrial 
telephone network, and 

- the second communication path is provided in a cellular 
mobile telephone network. 

6. The secure data communication system of any of claims 1 
to 5, wherein the first and/or said second computer further 
comprises 

- an information encrypting/decrypting means in which 
-- said information is encrypted prior to being split into 
said at least two different portions of partial information 
or 

-- said information is encrypted after being split into said
at least two different portions of partial information. 

7. The secure data communication system of any of claims 1 
to 6, wherein the first and/or said second computer further 
comprises 

- an information tagging means in which said at least two 
different portions of partial information are provided with 
markings containing an indication regarding the sequential 
order of the different portions of partial information. 

8. The secure data communication system of any of claims 1
to 7, wherein the first and/or said second computer further
comprises

- an information processing means in which information
received from a respective other computer is only processed
upon an authorization indication generated by an authorization
computer connected to the information processing means.

9. A peripheral device connectable to a computer, said
peripheral device comprising: 

- a first input/output connector for transceiving information 
to/from said computer from/to said peripheral device, 

- a second input/output connector for transceiving
information to/from said peripheral device from/to a first
interface connectable to a first communication path, 

- a third input/output connector for transceiving information 
to/from said peripheral device from/to a second interface 
connectable to a second communication path, and 

- a controller for controlling the transmission/reception of
information to/from said computer from/to said peripheral
device, processing said information and transceiving said
information to/from said peripheral device from/to said first
and/or second interface from/to said first and/or second
communication path.
Fig. 2
Fig. 3